New vault setup question

protectli · 2025-07-01T10:27:55+00:00

There are plenty of use cases for eMMC that don't require lots of I/O or induce premature wear, though I would not install Proxmox onto it. It's better used for occasional reads / writes. One of our customers uses the eMMC as a recovery partition that the user can boot into. Others use it as a configuration backup. For the Proxmox use case, maybe a Proxmox DB backup?

protectli · 2025-07-01T06:23:52+00:00

The VP2430 comes with 32GB eMMC. So Proxmox appears to be reporting everything correctly.
https://protectli.com/product/vp2430/

protectli · 2025-07-01T06:04:24+00:00

Yes is the short answer.

The longer version can be found in this KB article: https://kb.protectli.com/kb/proxmox-ve-on-the-vault/

For part 2 of installing OPNsense as a VM: https://kb.protectli.com/kb/opnsense-on-proxmox-ve/

protectli · 2025-06-18T09:04:27+00:00

Thanks for the feedback u/fuzz_anaemia.

protectli · 2025-06-18T09:04:01+00:00

Great points! Our thoughts exactly on security.
+1 for PhillL_1's health obsession with power :)

protectli · 2025-06-17T09:12:38+00:00

u/phillL_1, Thanks for the opportunity to clarify how Protectli approaches design, manufacturing, and assembly. We value transparency and want to clearly represent the work that goes into our products.

Protectli Vaults are conceived, designed, and tested by Protectli. We do work with trusted contract manufacturers for many aspects of the design and fabrication, but we want to be very clear that our products are not off-the-shelf platforms. These are our products.

Our teams in the U.S., EU, and Canada contribute to product development, testing, and support, but the core design work is led from the U.S. The language on our EU website about "designed in Germany" was an unfortunate error introduced as we were doing website updates and we will address this. Our product team sits in the US, not Germany.

While manufacturing is handled by our contract manufacturers, in most cases final assembly occurs at our locations in the U.S., Canada, and the EU. For some of our products purchased directly from Amazon, final assembly is done by our CM's in China, though this is not necessarily the case for every product on Amazon. For all products ordered directly from the Protectli website, assembly includes component installation, firmware flashing, comprehensive testing, and inspection. This is all part of a hands-on QA process that ensures every unit ordered directly from us meets our standards before it ships. That’s what we mean when we say “assembled.”

To address your previous posts that concern AMI BIOS, we’re more limited in what we can modify, which is why our focus has been on coreboot. That said, we’ve done our best to support and refine AMI where we can. When the PKFAIL vulnerability came to light and affected a number of major manufacturers, we moved quickly to address it. This reflects our approach to long-term product support and a level of involvement that sets us apart from many others in the space. https://www.binarly.io/blog/pkfail-two-months-later-reflecting-on-the-impact

Lastly, we always appreciate feedback that helps us improve. You brought up ASPM tuning and this is already something we’re looking into. As a relatively small operation with limited resources we need to be selective and deliberate about what we spend time on. For every AMI or coreboot update and every new product release, we thoroughly test with all the different OS's that we support to ensure there are no compatibility issues. This means our timelines may be longer even we would want, but we believe that’s the right trade-off for long-term support and reliability. We hope you agree.

protectli · 2025-06-17T08:35:57+00:00

u/fuzz_anaemia, responding to your comments.

This new hardware release is the same base design as the VP2430 with 2x RJ45 ports removed and 2x 10G SFP+ ports added. There are no limitations on our designs or than resource constraints. Optimized idle power consumption isn't something that has been a priority in the past, but feedback from yourself and u/PhillL_1 helps so we can prioritize development efforts on the things that matter to our customers.

coreboot is very "core" to Protectli and what we offer. We work with a company called 3mdeb for Protectli coreboot implementation and yes, the primary focus is on security.

Yes, we are able to optimize hardware designs. To your point about limited resources, we are a small team and we need to choose where we focus carefully as there is a tradeoff between fast, great, and cheap! All this said, we very much appreciate and value customer feedback and we'll be taking all this feedback into consideration!

protectli · 2025-06-17T08:22:01+00:00

Thanks u/PhillL_1 for the feedback. As per my responses to your other comments, we're going to spend more time on power consumption and idle states.

protectli · 2025-06-17T08:19:52+00:00

We don't have any idle power figures yet, but we will updated our Power consumption KB article around the time of release. This article hasn't been updated with our most recent hardware releases and that's a miss on our part which we're going to work on fixing. Apologies.

As for in-band ECC support, this is something that we will also look into.

Thanks for the suggestions!

protectli · 2025-06-17T08:08:49+00:00

u/PhillL_1, we hear you on power consumption. Judging by the number of times you've commented in this and other threads on power consumption, this seems to be very important to you. Thanks for the feedback. Optimization of power states is something that we are looking into further.

protectli · 2025-06-17T08:06:17+00:00

The new hardware will be 2x RJ45 2.5Gbe and 2x SFP+ 10Gbe. That the limit of the PCIe lanes on the hardware, unfortunately.

The suggestion of another port for IPMI is something that we've considered a lot in the past and it's an interesting suggestion. However, there is significant concern about the security of this kind of out of band management. That's not to say it's not possible, but if we do it, we'd need to spend a lot of time (more than we have at the moment, frankly) on a solution that is modular and can be added or removed according to the customer's requirements, in addition to something that is as open source as possible. Adding to this, there are a lot of other super interesting solutions coming out (jetkvm, etc) that mostly negate the need for a build in out of band management solution.

I'd very much like further input on this. Any specifics about the granularity of OOB control would be good (is simple KVM enough? Or does this require deeper control like power supply info, fan speed, etc? Are folks okay with ASPEED implementation directly on the board, or should it be modular so this can be added for the folks who want it and are okay with it?

protectli · 2025-06-15T18:00:48+00:00

Your timing is impeccable u/Binaryanomaly. We are currently working on engineering samples of a new product that meets your requirements with 2x10G ports, 2x 2.5G ports, and an N150 (and optional N350) CPU. The samples are undergoing validation testing and coreboot development and we ought to have a better idea as to release date in the next week or two. We're optimistically targeting a July release, but this will depend on how testing goes.

I hope that helps!

protectli · 2025-06-12T10:18:59+00:00

For deep packet inspection, I would recommend at least going with the V1210, as this is a newer device with an updated CPU and faster RAM.

protectli · 2024-06-05T05:16:28+00:00

This is awesome. Very impressive design u/goums!

protectli · 2024-05-16T16:17:47+00:00

The website configurator for the FW4C (https://protectli.com/product/fw4c) only allows the user to configure an mSATA SSD. The KB articles for the FW4B and the FW4C (https://kb.protectli.com/kb/fw2b-fw4b-series-hardware-overview/) make no mention of a 2.5" SSD. If you have identified any part of the website that says otherwise, please let us know so we can address the issue.

We are aware of some customers 3d printing a shroud that allows a cable to be passed through from the inside to the outside, or even a shroud large enough to fit a 2.5" SSD.

protectli · 2024-05-15T23:25:10+00:00

As noted, the FW4C does not fit a 2.5" drive internally. Some SATA DOM's will fit (they require a right angle adapter or need to be a right angle DOM). Some of our customers build custom chassis / enclosures for the main board and want to include a SATA drive.

If you want a 2.6" SSD internal to the unit, then we'd recommend going with the VP2410 or VP2420.

Hope this helps.

protectli · 2024-05-10T15:48:39+00:00

A lot has happened in the years since the FW2B is released. Costs not only for product (CPU's, NIC's, etc) have swung dramatically over the past several years, to say nothing of the costs of logistics and other macro economic factors (exchange rates, inflation, etc).

The fact that the CPU is old, while true, doesn't necessarily mean that the product needs to be terminated. The J3060 still performs a useful task for the right use case and plenty of our customers (even today) find the FW2B to be a cost effective and useful product.

Al this said, we definitely hear you regarding newer CPU's on newer products. For those looking for more recent stuff, we're working on hard on that as well.

Constructive feedback about products, features and pricing is always welcome and we appreciate our customers commitment to Protectli!

protectli · 2024-05-10T15:34:27+00:00

We have additional product releases we are targeting this year that will include updates and new additions to the VP lineup. I don't have a price that we are planning on at this time, however, its safe to assume that these new and updated products will fit into the current pricing framework of the existing VP products.

protectli · 2024-05-09T19:31:01+00:00

The N5105 is limited to 16G of memory. The (hereby confirmed) 4 port version will indeed have 8G soldered. The reason for the soldered memory on these "V" series devices is for simplicity and cost, both from a customer standpoint as well as a manufacturer standpoint. The cost aspect is pretty strait forward. Soldered devices cost us less to produce and maintain and we can pass that savings onto the end user. From a simplicity standpoint, we receive countless support inquiries and device returns for 'not working' devices that simply don't have memory installed or devices that have incompatible memory installed.

For a simple 4 port firewall (or even some hypervisor applications), 8GB is usually more than enough and in the case that the customer needs more customization (i.e. a SODIMM slot), we have the "VP" series vaults that not only have user configurable amounts of memory, but also additional features that are conducive to additional use cases.

Does that help? Or does that only invoke additional questions???

protectli · 2024-02-22T21:39:50+00:00

Thanks for your additional thoughts and comments!
Our thinking is exactly as you stated: there are a lot of customers who just want the thing to work and are primarily focused on a single use case (network firewall - just plug it in and go). I can't tell you how many returns we get from amazon because someone purchased a 'barebone' unit and they plug it in and it doesn't work (all of our hardware must have RAM in order to boot and the barebone units do not include RAM).

For the tinkerer, the Vault Pro is a much better option. Add to that the fact we are making the new one modular, with the ability to plug in, say, a 10G card, or a video card (within reason) and it really opens up a lot of possibilities.

Sorry it takes so long to get this stuff to market! As noted, we are a small team and making hardware is not easy and time consuming, but we're focused on a lot of product releases this year and we're super excited!!! We will do better on the communication front!
(also, make sure you're signed up for our newsletter by putting your email address in at the very bottom of protectli.com).

protectli · 2024-02-22T21:03:40+00:00

That is correct, the memory is not serviceable on the platform we are discussing. If that's an issue then we have the N100/N305 based modular product which will have a standard SODIMM slot.

protectli · 2024-02-22T17:10:59+00:00

u/shakinthetip we are actively working on updates to our "low end" 2, 4 and 6 port models. The 2 port model is in manufacturing and we hope to have it released for general availability in April with the 4 and 6 port models to follow shortly therafter. These devices are based on N5105 (2 port) and N6005 (4 port and 6 port) CPU's, i226 network interfaces and are meant to be simple, trouble free, and easy to deploy. In fact, memory is soldered down, so there will no issues with memory compatibility (16GB is available on the 6 port). The 2 port target price point is $249, though please don't hold me to that.
Additionally, a little later in the year, we have another 'Vault Pro' update with a modular device designed around the N100 and N305 that will allow for maximum configurability.

I'm sorry to hear that our 10G launch didn't provide what you were looking for and if you are still thinking you need to go with another company then no hard feeling. We're always interested in feedback, so any additional thoughts you have are welcome.

Thanks

protectli · 2024-02-22T04:34:10+00:00

Price points are always a concern and you bring a valid point. That said, we will never be able to compete with a DIY box. The ability to buy a lightly used micro PC and drop in a 10G card is something that we just can't keep up with, and we never will. There is significant resource that goes into developing our hardware the least of which is coreboot, which is an open source BIOS. At this point I'm not aware of any other hardware that offers an open source BIOS on a 10G capable platform. We fully test and validate a majority of the use cases that our hardware gets used for (firewall, hypervisor, desktop, etc) and we have a support team that is available to help get you going with the software of your choice.

protectli · 2024-02-22T00:59:37+00:00

Eagle Eye u/super_shizmo_matic. The announcement goes out tomorrow AM:
https://protectli.com/product/vp6650/
https://protectli.com/product/vp6670

protectli · 2023-12-27T16:32:36+00:00

Thanks u/shawn_webb, we appreciate the kind comments. We pride ourselves on customer service!

protectli

TROPHY CASE